package cn.edu.gzhu.workOrderManagement.intercepter;

import cn.edu.gzhu.workOrderManagement.constants.MessageConstant;
import cn.edu.gzhu.workOrderManagement.enumeration.UserAuthorityEnum;
import cn.edu.gzhu.workOrderManagement.pojo.dto.user.UserDeleteDto;
import cn.edu.gzhu.workOrderManagement.pojo.dto.user.UserUpdateDto;
import cn.edu.gzhu.workOrderManagement.util.ResponseUtil;
import cn.hutool.json.JSONUtil;
import io.jsonwebtoken.Claims;
import lombok.extern.slf4j.Slf4j;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.List;
import java.util.stream.Collectors;

//用来检查用户和组织接口的权限，list接口不适用该拦截器
@Component
@Slf4j
public class UserManagementInterceptor implements HandlerInterceptor {
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {

        Claims claims =(Claims)request.getAttribute("claims");

        String requestURI = request.getRequestURI();
        String username = claims.get("username", String.class);
        UserAuthorityEnum authority = UserAuthorityEnum.value2Object(claims.get("authority").toString());

        if (requestURI.equals("/user/update")) {
            //可以修改自己的密码
            String body = request.getReader().lines().collect(Collectors.joining(System.lineSeparator()));
            UserUpdateDto userUpdateDto = JSONUtil.toBean(body, UserUpdateDto.class);
            if (userUpdateDto.getUsername().equals(username)) {
                if ((userUpdateDto.getOrganization()==null|| userUpdateDto.getOrganization().isEmpty())
                        && userUpdateDto.getIsAvailable()==null &&userUpdateDto.getAuthority()==null) {
                    return true;
                }
            }
            //管理员不能修改自己的权限和可用性
            if (UserAuthorityEnum.ADMIN.equals(authority)&&userUpdateDto.getUsername().equals(username)){
                if (userUpdateDto.getIsAvailable()!=null ||userUpdateDto.getAuthority()!=null) {
                    ResponseUtil.failResponse(response,MessageConstant.PERMISSION_DENIED);
                    return false;

                }
            }
        }
        //管理员账号不能删除
        if (requestURI.equals("/user/delete")) {
            String body = request.getReader().lines().collect(Collectors.joining(System.lineSeparator()));
            UserDeleteDto userDeleteDto = JSONUtil.toBean(body, UserDeleteDto.class);
            List<String> usernames = userDeleteDto.getUsernames();
           if (usernames.contains(username)) {
               ResponseUtil.failResponse(response,MessageConstant.PERMISSION_DENIED);
               return false;
           }
        }


        if(!UserAuthorityEnum.ADMIN.equals(authority)){
            ResponseUtil.failResponse(response, MessageConstant.PERMISSION_DENIED);
            return false;
        }


        return true;

    }
}
